HoldingHands
AlienVault
· Published 20/12/2025 20:01 · Modified 21/12/2025 18:48
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 20:01
- Modified: 21/12/2025 18:48
- Revoked: No
- Author / Source: AlienVault
- Related entities: 37 attack patterns (MITRE), 1 intrusion set (APT), 2 sectors, 12 countries, 45 indicators, 1 report
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (37)
- T1566.001 uses Spearphishing Attachment
- T1134 uses Access Token Manipulation
- T1059 uses Command and Scripting Interpreter
- T1140 uses Deobfuscate/Decode Files or Information
- T1036 uses Masquerading
- T1573.001 uses Symmetric Cryptography
- T1056.001 uses Keylogging
- T1566 uses Phishing
- T1204.002 uses Malicious File
- T1112 uses Modify Registry
- T1071 uses Application Layer Protocol
- T1005 uses Data from Local System
- T1083 uses File and Directory Discovery
- T1566.003 uses Spearphishing via Service
- T1204.001 uses Malicious Link
- T1055.001 uses Dynamic-link Library Injection
- T1082 uses System Information Discovery
- T1113 uses Screen Capture
- T1204 uses User Execution
- T1041 uses Exfiltration Over C2 Channel
- T1125 uses Video Capture
- T1016 uses System Network Configuration Discovery
- T1574 uses Hijack Execution Flow
- T1055.003 uses Thread Execution Hijacking
- T1055.012 uses Process Hollowing
- T1012 uses Query Registry
- T1055 uses Process Injection
- T1119 uses Automated Collection
- T1497 uses Virtualization/Sandbox Evasion
- T1027 uses Obfuscated Files or Information
- T1598 uses Phishing for Information
- T1053 uses Scheduled Task/Job
- T1057 uses Process Discovery
- T1574.002 uses
- T1105 uses Ingress Tool Transfer
- T1566.002 uses Spearphishing Link
- T1571 uses Non-Standard Port
Intrusion sets (APT) (1)
- TA4922 uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138 · Published 04/06/2026 10:38 · Modified 04/06/2026 10:38
Sectors (2)
- Government targets
- Finance targets
Countries (12)
- India targets
- Italy targets
- Singapore targets
- United Kingdom of Great Britain and Northern Ireland targets
- Japan targets
- Taiwan targets
- South Africa targets
- Malaysia targets
- Germany targets
- British Indian Ocean Territory targets
- Indonesia targets
- China targets
Indicators (45)
Reports (1)
- AlienVault · Confidence 100 · 23 MITREs · 8 Malwares · 23 IOCs · 23 Observables · 1 APT · Published 03/06/2026 14:55 · Modified 04/06/2026 08:40 · threat-report